Passwords swapped for passkeys: What is it and why is it important?

Tech giants Apple, Microsoft and Google will update their phone software and web browsers later this year with technology called passkeys, in a bid to reduces vulnerabilities.

The main aim of implementing passkeys when it was being designed is to make your logins safe
AFP

The main aim of implementing passkeys when it was being designed is to make your logins safe

Passwords: a mix of letters, numbers, and special characters we routinely curse when we forget them or when we are forced to come up with new ones. 

You might be inclined to use the same, simple, and short password for all your accounts again and again because it is just flat-out impossible for humans to create and remember complicated passwords. 

And even if you create secure passwords, attacks like phishing can fool people into giving up even the most unique passwords.

They also can be leaked if an entire unencrypted database gets hacked. This is a serious problem for tech companies that promise to secure your data. 

Therefore, tech giants have designed an alternative that reduces vulnerabilities.

Apple, Microsoft, Google, and the other companies in the FIDO Alliance will update their phone software and web browsers later this year with passkeys. 

The FIDO Alliance is an industry group dedicated to “solving the World’s password problem”. They have been working on this for years.

At the Worldwide Developers Conference (WWDC) this week, Apple announced its implementation of the passkey standards.

Rolling out in iOS 16 and MacOS Ventura this fall, passkeys will not require a unique configuration for each app or service.

Here is what you need to know about it:

What are passkeys?

It won’t ask you to have a lower case, upper case, special characters, and a number in your password that is often frustrating. It also does not require a second authentication factor to strengthen security. 

However, you will need to have your phone or computer with you for access.

Apple’s vice president of internet technologies, Darin Adler, said at the WWDC keynote that passkeys will be more secure, easier to use and will replace passwords for good.

They don’t involve setting or remembering a password and can also stop phishing attacks. If you buy a new phone, passkeys are synchronized and backed up. They are also encrypted. 

How will they work?

When using passkeys, your device will create a unique pair of keys: a public key and a private key. 

The public key is stored on the server and will allow the website or app to verify your account. 

You will have to approve each use of that data with a private key via your phone or computer. 

You can't log from a friend’s computer without your own device.

However, you can use a passkey stored on your phone to log onto another nearby device. 

The login screen on the laptop will ask to present a QR code that you can scan with your phone. 

You will have to turn on your Bluetooth to ensure your phone and the computer is close by. Then, it will let you use a fingerprint or face ID check on your phone, completing the authentication process. 

Don’t get overwhelmed by the process. Although the process might sound complicated, passkeys will help make signing up for new accounts easier. 

You just have to use Touch ID or Face ID, and your phone and computer will do the rest. 

You don’t also have to create a long password and then try to remember it. It is just as simple as the access card you get to your workplace. 

In case you lose your device, there is a system called iCloud Keychain escrow that handles restoring your passwords.

Why is this important?

The main aim of this system when it was being designed is to make your logins safe and solve the three biggest problems: weak passwords, leaked passwords and phishing. 

Passkeys use the same security foundation called cryptography for a login operation, a technology that implements online encryption, digital authentication, credit card processing, and online banking. 

Passkeys also block phishing attempts. 

"Passkeys are intrinsically linked to the website or app they were set up for, so users can never be tricked into using their passkey on the wrong website," Ricky Mondello, who oversees authentication technology at Apple, said in a WWDC video.

The private key is stored only on your device. Also, there's no database of password data that hackers can steal. 

When will it be launched?

As soon as this year. 

At the conference, Apple said it'll launch passkeys to iOS 16 and macOS Ventura, its software updates this fall. 

Google said it'll bring passkey support to Android software for developer testing by the end of this year. The same for Chrome and Chrome OS. 

Route 6